sumnitelentip

User
  • Posts
    3
  • Registration
  • Last online

Likes

0 Neutral reputation

All about sumnitelentip

  • Title
    Newbie
  1. I am attaching the two files from Farbar after a slight change of settings, so that this text does not become too long. A connection through a proxy is now forbidden, including in the registry. The STARTUP.reg file is completely clean. Only the BS toolbars and some inactive executable files remain, which are easy to remove. Now I hope the computer is completely clean. Attachments: FRST.txt, Addition.txt
  2. Hello to you too, and thank you for the quick response! Because of problems with Malwarebytes I will run the FRST scan a little later. As for Recuva, the truth is that I used it for a somewhat unusual purpose: to look through as many hidden files and folders as possible, because it does not work from Folder Options. I was surprised to find that the program gives a better rating for the state of the mysterious files than for the visible ones. I am doing things a bit back to front, for which you will forgive me. The Malwarebytes statistics are out:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/12/17
Scan Time: 1:31 PM
Log File: 985ee6a6-97a5-11e7-a4c0-001e9080b7a5.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2785
License: Trial

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: NATURAL\Admin

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 348406
Threats Detected: 46
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 hr, 41 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.BSPlayer, HKU\S-1-5-21-1343024091-515967899-1417001333-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}, No Action By User, [9987], [167776],1.0.2785
RiskWare.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TNod, No Action By User, [420], [352776],1.0.2785

Registry Value: 2
Hijack.ControlPanelStyle, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|FORCECLASSICCONTROLPANEL, No Action By User, [12931], [211462],1.0.2785
PUP.Optional.BSPlayer, HKU\S-1-5-21-1343024091-515967899-1417001333-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}, No Action By User, [9987], [167776],1.0.2785

Registry Data: 2
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, [15506], [293296],1.0.2785
PUM.Optional.DisableShowHelp, HKU\S-1-5-21-1343024091-515967899-1417001333-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWHELP, No Action By User, [15513], [293313],1.0.2785

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\lib, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}, No Action By User, [9987], [175927],1.0.2785

File: 33
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\Conduit.js, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\Conduit.xpt, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitAutoCompleteSearch.js, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitAutoCompleteSearch.xpt, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.idl, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.js, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.xpt, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFalert.xpt, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\npmozax.dll, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\nsAxSecurityPolicy.js, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\nsIMozAxPlugin.xpt, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\default_radio_skin.xml, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\lib\xpcom.js, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\manifest.mf, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\zigbert.rsa, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\zigbert.sf, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.gif, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.ico, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.PNG, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.src, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.xml, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome.manifest, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\install.rdf, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\setup.ini, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.BSPlayer, C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\version.txt, No Action By User, [9987], [175927],1.0.2785
PUP.Optional.APNToolBar, C:\DOCUMENTS AND SETTINGS\Admin\LOCAL SETTINGS\TEMP\MSI2D3.TMP, No Action By User, [6422], [76243],1.0.2785
RiskWare.Agent, C:\PROGRAM FILES\TNOD USER & PASSWORD FINDER\UNINST-TNOD.EXE, No Action By User, [420], [352776],1.0.2785
CrackTool.Agent.Keygen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{84BF7F2C-A51B-4B2E-9255-148D1CB490E2}\RP595\A0232635.EXE, No Action By User, [331], [367635],1.0.2785
CrackTool.Agent.Keygen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{84BF7F2C-A51B-4B2E-9255-148D1CB490E2}\RP595\A0232636.EXE, No Action By User, [331], [367635],1.0.2785
PUP.Optional.OpenCandy, D:\MATLAB\DTLITE4413-0173.EXE, No Action By User, [518], [297667],1.0.2785
RiskWare.Tool.CK, D:\INSTALL\CONVERTXTODVD_3.8.0.193C.ZIP, No Action By User, [257], [133323],1.0.2785
PUP.Optional.OpenCandy, D:\INSTALL\FREE PRIMOPDF.EXE, No Action By User, [518], [297667],1.0.2785

Physical Sector: 0
(No malicious items detected)

(end)

The scan with FRST was also quite fast.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2017 01 Ran by Admin (administrator) on NATURAL (12-09-2017 18:39:53) Running from C:\Documents and Settings\Admin\Desktop Loaded Profiles: Admin (Available Profiles: Admin) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 7 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Otaku Software) C:\Program Files\TopDesk\topdesk.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe () C:\Program Files\CDBurnerXP\NMSAccessU.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe () C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe (Portrait Displays, Inc) C:\Program Files\Philips Display\SmartControl II\dthtml.exe (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe () C:\Program Files\Portrait Displays\Pivot Software\Floater.exe (Portrait Displays Inc.) 
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe () C:\Program Files\Datecs\FlexType 2K\FType2K.exe () C:\Program Files\Windows Effects\UberIcon\UberIcon Manager.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (VisualTaskTips.com) C:\Program Files\Windows Effects\VisualTaskTips\VisualTaskTips.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Piriform Ltd) C:\Program Files\Recuva\recuva.exe (ESET spol. s r.o.) D:\Download\esetonlinescanner_enu.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TopDesk] => C:\Program Files\TopDesk\topdesk.exe [195584 2006-02-05] (Otaku Software) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [nwiz] => nwiz.exe /install HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [RTHDCPL] => RTHDCPL.EXE HKLM\...\Run: [SkyTel] => SkyTel.EXE HKLM\...\Run: [Alcmtr] => ALCMTR.EXE HKLM\...\Run: [PivotSoftware] => C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [694008 2007-02-09] () HKLM\...\Run: [DT PHL] => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [81920 2008-06-21] () HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.) 
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-06-08] (Power Software Ltd) HKLM\...\Winlogon: [UIHost] logonui.exe No File Winlogon\Notify\crypt32chain: crypt32.dll [X] Winlogon\Notify\cryptnet: cryptnet.dll [X] Winlogon\Notify\cscdll: cscdll.dll [X] Winlogon\Notify\ScCertProp: wlnotify.dll [X] Winlogon\Notify\Schedule: wlnotify.dll [X] Winlogon\Notify\sclgntfy: sclgntfy.dll [X] Winlogon\Notify\SensLogn: WlNotify.dll [X] Winlogon\Notify\termsrv: wlnotify.dll [X] Winlogon\Notify\wlballoon: wlnotify.dll [X] HKLM\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1 HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKU\S-1-5-21-1343024091-515967899-1417001333-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-1343024091-515967899-1417001333-1003\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-1343024091-515967899-1417001333-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-1343024091-515967899-1417001333-1003\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1 HKU\S-1-5-21-1343024091-515967899-1417001333-1003\...\Policies\Explorer: [NoWindowsUpdate] 1 HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32 HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKLM\...\Providers\Internet Print Provider: inetpp.dll HKLM\...\Providers\LanMan Print Services: win32spl.dll Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk [2009-11-28] ShortcutTarget: FlexType 2K.lnk -> 
C:\Program Files\Datecs\FlexType 2K\FType2K.exe () Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2016-03-13] ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.) Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\UberIcon.lnk [2009-11-28] ShortcutTarget: UberIcon.lnk -> C:\Program Files\Windows Effects\UberIcon\UberIcon Manager.exe () Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\VisualTaskTips.lnk [2009-11-28] ShortcutTarget: VisualTaskTips.lnk -> C:\Program Files\Windows Effects\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-1343024091-515967899-1417001333-1003] => Proxy is enabled. Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{9F0D4855-858F-4401-AFB6-876575A0218B}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1343024091-515967899-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-21-1343024091-515967899-1417001333-1003 -> DefaultScope {8DCC8A7E-4721-41A9-BB83-C4AA5ED5E384} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta= SearchScopes: HKU\S-1-5-21-1343024091-515967899-1417001333-1003 -> {8DCC8A7E-4721-41A9-BB83-C4AA5ED5E384} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta= BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-31] (Adobe Systems Incorporated) BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16] (BitComet) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH) Toolbar: HKU\S-1-5-21-1343024091-515967899-1417001333-1003 -> No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File FireFox: ======== FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Nvu\Profiles\p4sxow08.default [2017-06-13] FF ProfilePath: C:\Documents and Settings\Admin\Application 
Data\Mozilla\Firefox\Profiles\ama3jqh0.default [2017-09-12] FF Homepage: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default -> hxxp://google.bg FF Extension: (AdBlocker Ultimate) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-29] FF Extension: (FoxFilter) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\Extensions\foxfilter@inspiredeffect.net.xpi [2016-04-27] FF Extension: (English (GB) Language Pack) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2017-01-28] FF Extension: (Places Maintenance) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\Extensions\places-maintenance@bonardo.net.xpi [2017-06-04] FF Extension: (SQLite Manager) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-11-30] FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-04] [not signed] FF Extension: (Popup Blocker Ultimate) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-07-12] FF Extension: (BitComet Video Downloader) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2010-01-29] [not signed] FF Extension: (Adblock Plus) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-30] FF Extension: (BS Player Toolbar) - C:\Documents and 
Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ama3jqh0.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2010-11-05] [not signed] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-12] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-12] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-31] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2009-07-17] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2014-12-27] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-31] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-20] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2015-02-20] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2015-02-20] (Apple Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-12] (Adobe Systems Incorporated) [File not signed] S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [43008 2008-04-28] (Microsoft Corporation) [File not signed] R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2008-06-21] () [File not signed] R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2166040 2017-02-21] (ESET) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-11-24] (Macrovision Europe Ltd.) 
[File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes) S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [53248 2008-04-28] (Microsoft Corporation) [File not signed] S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed] S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [30720 2008-04-28] (Microsoft Corporation) [File not signed] R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4230144 2011-12-16] (Native Instruments GmbH) [File not signed] R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] () S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed] R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [90112 2008-06-21] (Portrait Displays, Inc.) [File not signed] S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-03-13] (SolidWorks) [File not signed] S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation) S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed] S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation) S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [25244 1999-09-10] (Adaptec) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206472 2017-02-21] (ESET) R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156288 2017-02-21] (ESET) R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [137856 2017-02-21] (ESET) R1 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [150816 2017-09-12] (Malwarebytes) R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105088 2006-06-28] (NVIDIA Corporation) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation) R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17064 2008-06-21] (Portrait Displays, Inc.) S1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2007-02-09] (Portrait Displays, Inc.) [File not signed] R3 pivotmou; C:\WINDOWS\system32\drivers\pivotmou.sys [11323 2007-02-09] (Portrait Displays, Inc.) [File not signed] R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114304 2015-06-08] (Power Software Ltd) S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed] S4 IntelIde; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-09-12 18:39 - 2017-09-12 18:40 - 000017930 _____ C:\Documents and Settings\Admin\Desktop\FRST.txt 2017-09-12 18:39 - 2017-09-12 18:39 - 000000000 ____D C:\FRST 2017-09-12 18:36 - 2017-09-12 18:36 - 001793024 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe 2017-09-12 12:41 - 2017-09-12 12:41 - 000002992 _____ C:\Documents and Settings\Admin\My Documents\esetonlinescanner.txt 2017-09-11 23:23 - 2017-09-12 07:50 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-09-11 23:22 - 2017-09-12 13:31 - 000221632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-09-11 23:22 - 2017-09-12 13:31 - 000040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-09-11 23:20 - 2017-09-11 23:20 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-11 23:20 - 2017-09-11 23:20 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes 2017-09-11 23:20 - 2017-09-11 23:20 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2017-09-11 23:20 - 2017-08-24 11:27 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys 2017-09-11 22:19 - 2017-09-11 22:19 - 000000000 ____D C:\Program Files\VS Revo Group 2017-09-11 22:19 - 2017-09-11 22:19 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller 2017-09-11 20:19 - 2017-09-11 20:19 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Mixxx 2017-09-11 20:18 - 2017-09-11 21:46 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache 2017-09-11 20:18 - 2017-09-11 20:18 - 000000000 ____D C:\Program Files\Mixxx 2017-09-11 20:18 - 2017-09-11 20:18 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Mixxx 2017-09-11 13:57 - 2017-09-11 14:45 - 000000000 ____D C:\Documents and Settings\Admin\My Documents\VirtualDJ 2017-09-11 13:57 - 2017-09-11 13:57 - 000000000 ____D C:\Program Files\VirtualDJ 
2017-09-11 13:57 - 2017-09-11 13:57 - 000000000 ____D C:\Documents and Settings\Admin\Start Menu\Programs\VirtualDJ ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-12 18:40 - 2009-11-28 11:15 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Temp 2017-09-12 18:14 - 2012-01-02 22:33 - 000000000 ____D C:\Documents and Settings\Admin\Desktop\Admin 2017-09-12 18:02 - 2011-03-29 17:57 - 000001042 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2017-09-12 18:02 - 2011-03-29 17:57 - 000001038 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2017-09-12 18:01 - 2012-12-07 23:07 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-09-12 08:36 - 2011-06-13 18:40 - 000000000 ____D C:\Documents and Settings\Admin \Local Settings\Application Data\ESET 2017-09-12 08:07 - 2016-05-07 22:14 - 000000000 ____D C:\Program Files\Recuva 2017-09-12 07:50 - 2009-11-28 11:24 - 000000000 _____ C:\WINDOWS\system32\nvapps.xml 2017-09-12 07:49 - 2009-11-28 11:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-09-12 06:51 - 2009-11-28 11:15 - 000032614 _____ C:\WINDOWS\SchedLgU.Txt 2017-09-12 06:50 - 2009-11-28 11:15 - 000000278 ___SH C:\Documents and Settings\Admin\ntuser.ini 2017-09-12 00:58 - 2009-11-28 11:15 - 000000000 ____D C:\Documents and Settings\Admin 2017-09-11 22:01 - 2012-11-23 20:09 - 000000000 ____D C:\Program Files\Native Instruments 2017-09-11 20:37 - 2010-01-29 18:42 - 000000000 ____D C:\Program Files\BitComet 2017-09-11 13:38 - 2016-07-22 16:51 - 000000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Adblock Plus for IE 2017-09-11 13:16 - 2014-12-31 00:41 - 000000000 ____D C:\Documents and Settings\Admin\Desktop\tanci_jingle 2017-09-10 20:11 - 2004-08-04 15:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl 2017-09-07 15:12 - 2015-10-10 02:57 - 000000000 ____D C:\Documents and Settings\Admin\Desktop\OIP_Nastroiki 
2017-09-06 22:05 - 2015-12-05 06:03 - 002338062 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1343024091-515967899-1417001333-1003-0.dat
2017-09-06 22:05 - 2015-12-05 06:03 - 000290518 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-09-06 20:57 - 2015-12-05 05:40 - 000000000 ____D C:\Documents and Settings\Admin\My Documents\Visual Studio 2010
2017-09-06 07:09 - 2016-10-21 13:37 - 000000000 ____D C:\Documents and Settings\Admin\Desktop\protokolippe
2017-08-23 08:30 - 2010-02-03 22:27 - 000000000 ____D C:\Documents and Settings\Admin\Desktop\Papkata

==================== Files in the root of some directories =======

2009-12-31 17:18 - 2009-12-31 17:18 - 000001340 ____C () C:\Program Files\langbarrestore.reg.txt
2016-10-27 22:26 - 2017-01-15 22:20 - 000005021 _____ () C:\Documents and Settings\Admin\Application Data\LTspiceIV.ini
2010-01-27 20:58 - 2017-05-07 02:49 - 000018944 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-20 23:15 - 2011-09-09 18:56 - 000000012 _____ () C:\Documents and Settings\All Users\Application Data\ReminderNextRun

Files to move or delete:
====================
C:\Documents and Settings\Admin\STARTUP.reg

Some files in TEMP:
====================
2015-11-24 08:26 - 2009-02-03 23:39 - 000161640 _____ (Autodesk, Inc.) C:\Documents and Settings\Admin\Local Settings\Temp\AcDeltree.exe
2015-12-05 05:40 - 2010-03-19 05:51 - 000086864 _____ (Microsoft Corporation) C:\Documents and Settings\Admin\Local Settings\Temp\Del2B.exe
2014-12-27 19:43 - 2014-12-27 19:43 - 000091136 ____N (IAIK) C:\Documents and Settings\Admin\Local Settings\Temp\pkcs11wrapper6927739469360601829.dll
2014-12-27 22:01 - 2014-12-27 22:01 - 000091136 ____N (IAIK) C:\Documents and Settings\Admin\Local Settings\Temp\pkcs11wrapper7888653191872319904.dll
2013-10-28 09:56 - 2013-03-12 11:59 - 000275552 ___RS (Tarma Software Research Pty Ltd) C:\Documents and Settings\Admin\Local Settings\Temp\Tsu1AAC677B.dll
2014-09-12 00:32 - 2014-09-12 00:32 - 006498200 _____ (Microsoft Corporation) C:\Documents and Settings\Admin\Local Settings\Temp\vcredist_x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe [2008-04-28 12:22] - [2008-04-28 12:22] - 001558528 _____ (Microsoft Corporation) D6B1F0681FFF4A819D3BC958B4EB6012
C:\WINDOWS\system32\winlogon.exe [2008-04-28 12:24] - [2008-04-28 12:24] - 000547328 _____ (Microsoft Corporation) A55B8899D2EA2E800061BCFD456E34DC
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll [2008-03-20 21:36] - [2008-03-20 21:36] - 000578560 _____ (Microsoft Corporation) F92D8964B5286DE225BD2B6BF89764BE
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

This post got a bit long, but I found out that C:\?\ in "Recuva" means a reused directory record, though it seems the program cannot find this one's parent directory.
Also, for some files it gives me an error when I try to erase them, but a moment ago I did succeed with 2. I think I figured out which directory it is: Mozilla Firefox thumbnails. But then why do I have no access to it? Thanks anyway for trying to help!

This is not a virus, but thumbnails stored in a secured folder by the browser, in this case Firefox. Still, you could advise me which files to get rid of; it would not hurt.

Addition.txt
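The "Bamital & volsnap" block in the FRST.txt posted above is the part a helper reads first: FRST prints "=> File is digitally signed" for files whose Authenticode signature verified, and timestamps, size, company string and MD5 for the ones it could not verify, which is why the log warns that those need manual checking. The following Python script is an added example (not FRST's own code and not something from the thread); it parses that block and sorts the unverified entries against a caller-supplied table of known-good hashes. The sample input is the block copied from the posted log; the baseline table is constructed purely for the demo (the explorer.exe value is copied from the log so the match branch runs, the winlogon.exe value is a deliberate placeholder so the mismatch branch runs) and is not a vetted hash list for any Windows build.

```python
"""Triage the "Bamital & volsnap" block of an FRST log.

FRST emits one line per checked system file: either
  <path> => File is digitally signed
or, when the signature could not be verified,
  <path> [created] - [modified] - <size> <attrs> (<company>) <MD5>
Only the second kind needs manual work, so this script separates them and
compares each MD5 against a caller-supplied list of known-good hashes.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample input: the verification block copied from the FRST.txt
# posted in the thread above.
SAMPLE_BLOCK = r"""
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe [2008-04-28 12:22] - [2008-04-28 12:22] - 001558528 _____ (Microsoft Corporation) D6B1F0681FFF4A819D3BC958B4EB6012
C:\WINDOWS\system32\winlogon.exe [2008-04-28 12:24] - [2008-04-28 12:24] - 000547328 _____ (Microsoft Corporation) A55B8899D2EA2E800061BCFD456E34DC
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll [2008-03-20 21:36] - [2008-03-20 21:36] - 000578560 _____ (Microsoft Corporation) F92D8964B5286DE225BD2B6BF89764BE
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
"""

SIGNED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => File is digitally signed$")
UNSIGNED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\]"
    r" - (?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


class FileCheck(NamedTuple):
    path: str
    signed: bool
    size: Optional[int]
    company: Optional[str]
    md5: Optional[str]


def parse_verification_block(text: str) -> List[FileCheck]:
    """Return one FileCheck per file line; header and footer lines are skipped."""
    checks: List[FileCheck] = []
    for line in text.splitlines():
        line = line.strip()
        m = SIGNED_RE.match(line)
        if m:
            checks.append(FileCheck(m["path"], True, None, None, None))
            continue
        m = UNSIGNED_RE.match(line)
        if m:
            checks.append(FileCheck(m["path"], False, int(m["size"]),
                                    m["company"], m["md5"].upper()))
    return checks


def triage(checks: List[FileCheck], baseline: Dict[str, str]) -> Dict[str, str]:
    """Map each path to a verdict.

    baseline maps a path (matched case-insensitively) to the MD5 of the
    known-good copy of that file for the exact OS build and service pack.
    An unsigned file with no baseline entry cannot be cleared automatically,
    which is what FRST's own note in the block says.
    """
    known = {p.lower(): h.upper() for p, h in baseline.items()}
    verdicts: Dict[str, str] = {}
    for c in checks:
        if c.signed:
            verdicts[c.path] = "signed"
            continue
        expected = known.get(c.path.lower())
        if expected is None:
            verdicts[c.path] = "unsigned, no baseline hash: verify manually"
        elif expected == c.md5:
            verdicts[c.path] = "unsigned, hash matches baseline"
        else:
            verdicts[c.path] = "unsigned, HASH DIFFERS from baseline: investigate"
    return verdicts


# Constructed baseline for the demo only (assumption, not a real hash list):
# the explorer.exe hash is copied from the posted log so the match branch runs,
# and the winlogon.exe value is a deliberate placeholder so the mismatch branch
# runs.  A real baseline must come from a clean install of the same build.
DEMO_BASELINE = {
    r"C:\WINDOWS\explorer.exe": "D6B1F0681FFF4A819D3BC958B4EB6012",
    r"C:\WINDOWS\system32\winlogon.exe": "00000000000000000000000000000000",
}


def unsigned_report(text: str = SAMPLE_BLOCK,
                    baseline: Dict[str, str] = DEMO_BASELINE) -> Dict[str, str]:
    """Verdicts for the unverified entries only, the ones a helper reviews first."""
    checks = parse_verification_block(text)
    return {p: v for p, v in triage(checks, baseline).items() if v != "signed"}


if __name__ == "__main__":
    for path, verdict in unsigned_report().items():
        print(f"{verdict:50} {path}")
```

Run against the posted block, explorer.exe matches the demo baseline, winlogon.exe is reported as differing (because of the placeholder), and User32.dll is reported as needing manual verification because no baseline hash was supplied. The useful property is the third case: the script never clears an unsigned file it has no reference for.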
3. Hello,

I hope I am writing in the right place. I decided to look over what I have on the hard disk, partition C:\, using "Recuva". To my surprise I found that there is a folder whose path is C:\?\. It contains images from internet portals (including from profiles on social networks) that I have not downloaded in any way. They are in excellent condition and have names of the form [number].jpg. In the hexadecimal code I found nothing suspicious, but I am not aware of either the browser (Mozilla) or Facebook and others storing data of this kind in this way, and in inaccessible folders at that. Here are 2 screenshots:

Since I browse the Kaldata forum whenever I remember to, I decided to try a scan with ESET Online Scanner, as was written a few topics further down. I did not think of this option at first because I have ESET Nod32 Antivirus on the desktop computer, updated regularly. The latter found nothing bad, but the former came up with 13 suspicious files classified as infected. Here they are:

C:\Documents and Settings\Admin\Local Settings\Temp\MSI2D3.tmp a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application
C:\Documents and Settings\Admin\Local Settings\Temp\vdj2D2.tmp.msi a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application
C:\Documents and Settings\Admin\Local Settings\Temp\vdj2D5.tmp.msi a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application
C:\Downloads\AUTODESK.AUTOCAD.V2014.WIN64-ISO\acad2014_x64.iso a variant of Win32/Keygen.HA potentially unsafe application
C:\Program Files\11app.com\Free Convert MP2 to MP3\convert.exe a variant of Win32/Patched.F potentially unsafe application
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\Patch.exe a variant of Win32/HackTool.Patcher.X potentially unsafe application
C:\WINDOWS\system32\cmdow.exe Win32/CMDOW.143 potentially unsafe application
D:\Download\free-convert-mp2-to-mp3.exe a variant of Win32/Patched.F potentially unsafe application
D:\Install\Advanced.Uninstaller.PRO.2006.7.5.zip a variant of Win32/HackTool.Patcher.X potentially unsafe application
D:\Install\ConvertXtoDVD_3.8.0.193c.zip a variant of Win32/Keygen.AS potentially unsafe application
D:\Install\Free PrimoPDF.exe Win32/OpenCandy potentially unsafe application
D:\Install\SoundTaxi_Pro_VideoRip_v3.8.5.zip a variant of Win32/Keygen.QP potentially unsafe application
D:\Matlab\DTLite4413-0173.exe Win32/OpenCandy potentially unsafe application

I also noticed that with NOD32 1 million files went through the "sieve", while with Online Scanner only 300,000. In a little while I will also run Malwarebytes, although it and Firefox fight with each other and only one of the two applications can run at a time. I know that viruses disguise themselves as some familiar process in Task Manager, so I checked the location of all the executable files there: it is correct, and svchost.exe is run as 4 processes, which is an acceptable number. I also looked into symptoms of infection with Malware-gen and Trojan.GenericKD, but there are none. Which files should be quarantined?

This time I was seriously puzzled... I have never registered on this kind of site before, because I have always found the solution myself after digging around the internet, but this time it is not just one problem, and the first one in line is too complex for me to handle alone (if it is a problem at all), so I am asking for your help! Thank you in advance for your time!
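The check the poster describes (does each well-known process name in Task Manager run from the directory it should?) is worth doing systematically, and two further tells are just as common: a look-alike name (scvhost.exe, svch0st.exe) and a core process with the wrong parent, since on Windows XP every svchost.exe is started by services.exe. The script below is an added example written for this thread, not code from the original post or from any tool mentioned in it. It works on records of (pid, name, image path, parent pid) such as Process Explorer or tasklist plus wmic would give you; the process listing is constructed for the demo, and the expected directories and parent relationships are assumptions that follow the XP layout (services.exe and lsass.exe started by winlogon.exe).

```python
"""Flag processes masquerading as Windows system processes.

Three tells are checked on each record: a well-known image name running from
the wrong directory, a core process whose parent is not the expected one, and
an unknown name that is a near-duplicate of a well-known one.
"""
import difflib
from typing import Dict, List, NamedTuple


class Proc(NamedTuple):
    pid: int
    name: str
    path: str   # full image path, empty for kernel pseudo-processes
    ppid: int   # parent pid


SYSTEM_ROOT = r"C:\WINDOWS"
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Assumed Windows XP layout: where each commonly imitated image must live.
EXPECTED_DIR: Dict[str, str] = {
    "explorer.exe": SYSTEM_ROOT,
    "svchost.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "smss.exe": SYSTEM32,
}

# Assumed XP parent/child relationships for processes only one thing should start.
EXPECTED_PARENT: Dict[str, str] = {
    "svchost.exe": "services.exe",
    "services.exe": "winlogon.exe",
    "lsass.exe": "winlogon.exe",
}

LOOKALIKE_THRESHOLD = 0.85  # SequenceMatcher ratio; one changed character in an 11-char name scores ~0.91


def similarity(a: str, b: str) -> float:
    """Normalised similarity of two names, 1.0 for identical strings."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def check_processes(procs: List[Proc]) -> List[str]:
    """Return one human-readable finding per suspicious property; empty list if clean."""
    by_pid = {p.pid: p for p in procs}
    findings: List[str] = []
    for p in procs:
        name = p.name.lower()
        if name in EXPECTED_DIR:
            actual_dir = p.path.rsplit("\\", 1)[0].lower() if "\\" in p.path else ""
            if actual_dir != EXPECTED_DIR[name].lower():
                findings.append(f"pid {p.pid} {p.name}: image in {p.path or '<no path>'}, "
                                f"expected {EXPECTED_DIR[name]}")
            want_parent = EXPECTED_PARENT.get(name)
            if want_parent:
                parent = by_pid.get(p.ppid)
                parent_name = parent.name.lower() if parent else "<exited>"
                if parent_name != want_parent:
                    findings.append(f"pid {p.pid} {p.name}: parent is {parent_name} "
                                    f"(pid {p.ppid}), expected {want_parent}")
        else:
            # Unknown name: is it a near-duplicate of a system process name?
            for legit in EXPECTED_DIR:
                if similarity(name, legit) >= LOOKALIKE_THRESHOLD:
                    findings.append(f"pid {p.pid} {p.name}: name resembles {legit}")
                    break
    return findings


# Constructed process listing for the demo: a clean XP boot chain with four
# svchost.exe instances, followed by two planted bad entries.
SAMPLE_PROCS = [
    Proc(4, "System", "", 0),
    Proc(560, "smss.exe", SYSTEM32 + r"\smss.exe", 4),
    Proc(620, "csrss.exe", SYSTEM32 + r"\csrss.exe", 560),
    Proc(644, "winlogon.exe", SYSTEM32 + r"\winlogon.exe", 560),
    Proc(688, "services.exe", SYSTEM32 + r"\services.exe", 644),
    Proc(700, "lsass.exe", SYSTEM32 + r"\lsass.exe", 644),
    Proc(860, "svchost.exe", SYSTEM32 + r"\svchost.exe", 688),
    Proc(940, "svchost.exe", SYSTEM32 + r"\svchost.exe", 688),
    Proc(1032, "svchost.exe", SYSTEM32 + r"\svchost.exe", 688),
    Proc(1100, "svchost.exe", SYSTEM32 + r"\svchost.exe", 688),
    Proc(1320, "explorer.exe", SYSTEM_ROOT + r"\explorer.exe", 1288),  # parent (userinit) already exited
    # Planted: right name, wrong directory, and started by explorer.exe instead of services.exe.
    Proc(2000, "svchost.exe", r"C:\Documents and Settings\Admin\Local Settings\Temp\svchost.exe", 1320),
    # Planted: look-alike name in the right directory.
    Proc(2100, "scvhost.exe", SYSTEM32 + r"\scvhost.exe", 1320),
]


if __name__ == "__main__":
    for finding in check_processes(SAMPLE_PROCS):
        print(finding)
```

The four legitimate svchost.exe instances produce no findings, which matches the poster's observation that a handful of them is normal on XP; the count alone says little. The planted Temp copy is caught twice (wrong directory, wrong parent) and scvhost.exe is caught by the name comparison even though it sits in system32. A path or parent check is only as good as the listing it is fed, so take the records from a tool that reads them from the kernel rather than from whatever a suspect process reports about itself.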